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IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 

Applicant(s) : SCHMITZ et al. 

Serial No. : To Be Assigned 

Filed : Herewith 

For : SYSTEM FOR CONTROLLING 

ACCESS AUTHORIZATION 

Examiner : To Be Assigned 

Group Art Unit : To Be Assigned 

Assistant Commissioner 

for Patents 
Washington, D.C. 20231 

PRELIMINARY AMENDMENT 

SIR: 

Please amend the above-identified application before examination as 

follows: 

In The Specification : 

On page 1, line 1, change "Background Information" to — Background 

Information —. 

On page 1, line 3, after "The" insert —present—. 

On page 1, line 3, after "authorization" insert and delete "as set 

forth by". 

On page 1, delete line 4 and insert -German Patent No. 44 28 947 has- 



On page 1 , line 1 2, insert — Summary Of The Invention —. 



2 

On page 1, line 14, delete "The objective is achieved by the 
characterizing features of. 

On page 1, delete line 15. 

On page 1, line 21, before "invention" insert —present--. 

On page 3, delete lines 1 1-23 and in their place insert: 
— Brief Description Of The Drawings 

Figure 1 shows a block diagram and an access authorization procedure of a first 
exemplary embodiment. 

Figure 2 shows another block diagram and access authorization procedure of the first 
exemplary embodiment. 

Figure 3 shows a block diagram and an access authorization procedure of a second 
exemplary embodiment. 

Figure 4 shows another block diagram and access authorization procedure of the 
second exemplary embodiment. 

Detailed Description —. 

On page 4, line 25, delete "it is essential that". 

On page 4, line 26, change "be" to —is—. 

On page 4, line 27, after "Rx," insert -and--. 

On page 5, line 27, after "CWx," insert -and-. 
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On page 5, line 32, after "agree," insert —the procedure-- 



On page 6, line 1 , after "then" insert --the procedure— . 

On page 6, line 6, change "must be" to —is—. 

On page 7, line 1, change "Patent Claims" to 
- What Is Claimed Is :-. 

In The Claims : 

Please cancel original claims 1 -9, without prejudice, in the underlying 
PCT application, and also cancel the substitute claims 1-9, without prejudice, and 
enter the following new claims. 

10. (New) A system for controlling an access authorization, comprising: 

a base device for receiving a code word containing a reply and including a 
computer for comparing the reply to a required reply, wherein an access is authorized 
if the reply and the required reply agree; and 

at least one remote control for transmitting the code word, wherein: 

the base device transmits a prompt signal within a framework of a 
prompt/reply that has been previously successfully carried out, and 
the prompt signal is stored in the at least one remote control. 

1 1 . (New) The system according to claim 10, wherein: 

the required reply is formed as a function of an identifier stored in 
the at least one remote control and contained in the code word. 

12. (New) The system according to claim 10, wherein: 

the prompt signal is stored in the base device. 
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13. (New) The system according to claim 12, wherein: 

the prompt signal stored in the base device is erased when a number of 
failed agreements of the reply and the required reply exceeds a specifiable 
limiting value. 

14. (New) The system according to claim 10, wherein: 

the code word includes a counter code that is compared by the base 
device to a reference code. 

15. (New) The system according to claim 14, wherein: 

the counter code is changed in response to an actuation of an operating 
control element of the at least one remote control. 

16. (New) The system according to claim 14, wherein: 

the counter code is transmitted, and 

the transmitted counter code serves as the reference code. 

17. (New) The system according to claim 14, wherein: 

the counter code is contained in encrypted form in the code word. 

18. (New) The system according to claim 10, wherein: 

the code word is transmitted at a high frequency, and 
the prompt signal is transmitted at a low frequency. 

In The Abstract : 

Delete the Abstract and insert: 
— Abstract Of The Disclosure 

A system is proposed for controlling access authorization. It includes a base device 
which receives a code word that contains a response. A computer compares the 
response to a required response. An access is authorized if the response and the 
required response agree. A remote control transmits the code word. The system has 
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the distinction that a challenge transmitted by the base device is stored in the remote 
control for generating the code word.--. 

Remarks 

This Preliminary Amendment cancels original claims 1-9, without 
prejudice, in the underlying PCT Application No. PCT/DE98/03431, and cancels 
substitute claims 1-9, without prejudice. This Preliminary Amendment also adds new 
claims 10-18. The new claims do not add new matter to the application, but do 
conform the claims to U.S. Patent and Trademark Office rules. 

The amendments to the specification and abstract are to conform the 
specification and abstract to U.S. Patent and Trademark Office rules. The 
amendments to the specification and abstract do not introduce new matter into the 
application. 



May 18, 1999, and an International Preliminary Examination Report dated 

November 18, 1999, copies of which are submitted herewith. 

Applicants assert that the present invention is new, non-obvious, and 

useful. Consideration and allowance of the claims are requested. 

Respectfully submitted, 
KENYON & KENYON 



The underlying PCT application includes a Search Report dated 
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Richard L. Mayer 
Reg. No. 22,490 
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New York, NY 10004 

(212) 425-7200 
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S YSTEM FOR CONTROLLING ACCESS AUTHORIZATION 



Background Information 



The invention is based on a system for controlling access authorization as set forth by 
the species defined in the independent claim. The German patent 44 28 947 CI has 
5 already described a locking device for a motor vehicle having an actuating device as 

well as a transponder. Upon actuation of a transmitter, a remote-actuation changeable 
code word can be generated; a decoding device receives the code word, compares it to 
a remote-actuation changeable code signal stored in the decoding device, and 
generates an unlocking signal as a function of the comparison. Moreover, to increase 
\Q security, a transponder is provided whose changeable code signal is also evaluated for 

an enablement. 



The object of the present invention is to simplify the aforesaid system without 
suffering a loss in security. The objective is achieved by the characterizing features of 
the independent claim. 

The system of the present invention for controlling access authorization includes a 
base device which receives a code word. The code word contains a response which a 
computer compares to a required response. An access is authorized if the response and 
the required response agree. At least one remote control transmits the code word. The 
system according to the invention has the distinction that a challenge transmitted by 
the base device is stored in the remote control for generating the code word. This 
challenge is identical to that of a challenge/response process already successfully 
implemented in the past. Thus, the challenge gives an indication of an authorization of 
the remote control. In this manner, possibilities for manipulation are restricted. On the 
other hand, a fresh bidirectional challenge/response process is no longer necessary for 
the start of an access authorization procedure, since the challenge is already stored in 
the memory of the remote control. In this way, the code word can already be 
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transmitted with a greater transmission range to the base device, while the 
challenge/response procedure can only be carried out at short distance. Thus, a 
decoupling between bidirectional data transmission and unidirectional data 
transmission is ensured. Only a transmitter of greater transmission range is to be 
5 provided in the remote control, but not a corresponding receiver for the remote area. 

The challenge can be used for synchronization between the base device and remote 
control. In addition, the response and the required response, respectively, directly 
decisive for the access authorization are not stored in either the base device or in the 
remote control, so that direct access to this security-relevant information is not 
1 0 possible. 

? In an expedient further development, the required response is formed as a function of 

\:} an identifier stored in the remote control and contained in the code word. In this 

"_\ manner, an unequivocal allocation is achieved between the remote control used and 

J 5 the corresponding encryption stored in the base device. A clear allocation guarantees 

o sufficiently high security against unauthorized manipulation attempts. Because of this, 

r=i the algorithm which, in the remote control, encrypts the stored challenge - for 

2^ example, using an identifier specific to the remote control - to form a response can 

H simply be omitted and integrated in a microcontroller. 

IP 

In one refinement, the challenge stored in the base device is erased after a predefined 
number of failed agreements of response and required response. This ensures that, 
given a number of failed opening attempts, an access is no longer authorized in 
response to further attempts. A renewed opening attempt is only to be permitted in 
25 conjunction with a successfully flowing challenge/response process. Upon failure of 

the access authorization via the unidirectional protocol, the security requirements are 
increased, in that an access can only be achieved in conjunction with the complex 
bidirectional protocol. 



30 According to one advantageous refinement, the code word includes a counter code 

which the base device compares to a reference code. An access is only authorized in 
response to a deviation. The counter code is changed with the actuation of an 
operating control element of the remote control. Transmission of the code word just 
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monitored does not trigger an access authorization. The counter reading can be 
present both in unencrypted and in encrypted form in the code word. 

A transmitted code is used as reference code. A separate counter function does not 
have to be provided in the base device for this purpose. 

Expediently, the code word is transmitted at high frequency and the challenge is 
transmitted at low frequency. Because of the stored challenge, the remote control does 
not need a receiver in the high-frequency range. 

Other useful further developments come to light from the description and from further 
dependent claims. 

Drawing 

Two possible exemplary embodiments of a system according to the present invention 
for controlling access authorization are shown in the drawing and are explained in 
greater detail in the following description. Figures 1 and 2 show a block diagram and 
an access authorization procedure of a first exemplary embodiment; Figures 3 and 4 
show a block diagram and an access authorization procedure of a second exemplary 
embodiment. 

Description 

A plurality of remote controls Fl, ... Fx, ... Fn communicate with a base device BG 
which includes a transmitter/receiver 12 and a computer 16. Computer 16 exchanges 
data with transmitter/receiver 12 and has access to challenges CI, ... Cx, ... Cn, 
identifiers Kl, ... Kx, ... Kn and a limiting value G stored in the memory. The design 
of the xth remote control Fx is shown by way of example. A remote-control computer 
20 has access to identifier Kx and challenge Cx stored in the memory. It supplies data 
to transmitter 22 and exchanges data with a remote-control transmitter/receiver 26. 
The signal state influenced by an operating control element 24 is supplied to remote- 
control computer 20. 
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The second exemplary embodiment according to Figure 3 differs from the first 
exemplary embodiment according to Figure 1 in that, instead of limiting value G, a 
memory for a reference code RZ1, ... RZx, ... RZn is provided in base device BG. 
Remote control Fx has an additional field for a counter code Zx. 

In the following, the functioning method of the first exemplary embodiment shown in 
Figure 1 is explained in greater detail. A corresponding identifier Kl, ... Kx, ... Kn is 
stored in base device BG for each remote control Fl, ... Fx, ... Fn. Because of this, 
base device BG is able to clearly identify each individual remote control Fx or each 
remote-control group Fx - if, for example, a plurality of remote controls Fx are 
allocated to one identifier Kx. These identifiers Kl, ... Kx, ... Kn can be the 
corresponding memory locations, i.e., can be recognized on the basis of the memory 
location. In the challenge/response process, the base device transmits challenge Cx to 
remote control Fx clearly allocated by identifier Kx. A random-sequence generator 
generates this challenge Cx. Computer 16 stores transmitted challenge Cx in a 
memory location addressed via identifier Kx. Remote-control computer 20 stores the 
challenge Cx last transmitted by base device BG in a memory. 

The user starts the unidirectional communication of remote control Fx with base 
device BG by actuating operating control element 24, step 101. Using information 
specific for the special remote control Fx, remote-control computer 20 combines 
challenge Cx, stored in the memory, with an algorithm, from which response Rx is 
formed. For example, a part of identifier Kx, a manufacturing code permanently 
stored in remote control Fx, is used as information specific to the remote control. 
However, it is essential that this encryption, i.e., algorithm and information specific to 
the remote control, of challenge Cx be known and stored for each remote control Fx in 
base device BG, as well. Code word CWx contains identifier Kx and response Rx , if 
desired, appropriate wake-up and action commands. Transmitter 22 sends code word 
CWx to base device BG, step 103. Computer 16 filters identifier Kx out from received 
code word CWx. Computer 1 6 selects the challenge Cx, addressed by this identifier 
Fx, and encryption, which were also used to ascertain response Rx in remote control 
Fx. Computer 16 calculates required response Sx from challenge Cx, stored in base 
device BG, from the algorithm and from the information specific to the remote 
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control, thus from the encryption, step 105. Received response Rx and calculated 
required response Sx are compared in base device BG, step 107. If they agree, 
computer 16 gives a corresponding enabling signal, step 109. Otherwise, query 111, 
as to whether the number of failed opening attempts M has already exceeded a 
specifiable limiting value G, follows. If this is the case, no further opening attempt is 
permitted, step 1 13. In addition, challenge Cx stored in base device BG is erased. 
Thus, an access authorization can only be achieved by a successful run-through of the 
bidirectional challenge/response procedure, but not with the unidirectional protocol 
described. If the number of failed opening attempts M has not yet exceeded limiting 
value G, number M is incremented, step 115. Following this is step 105; the further 
procedure takes its course as already described. 

The steps from 1 1 1 on increase the security of the unidirectional data transmission, 
but are not absolutely necessary. 

The second exemplary embodiment, described in the following, relates to Figures 3 
and 4. As already explained for the first exemplary embodiment, challenge Cx is 
stored in remote control Fx. A counter code Zx, which is incremented in response to 
actuation of the operating control element 24, is stored in remote control Fx. For each 
remote control Fx, the last transmitted counter code Zx is stored as reference code 
RZ1, ... RZx, ... RZn in base device BG. After the start has been triggered by 
actuating operating control element 24, step 121, in conformity with the first 
exemplary embodiment, response Rx is calculated. Counter code Zx is increased by 
one. In addition to response Rx and identifier Kx, counter code Zx is contained in 
encrypted form in code word CWx. Transmitter 22 sends code word CWx to 
transmitter/receiver 12, step 123. Computer 16 in turn filters identifier Kx out from 
received code word CWx, reads out reference code RZx belonging to remote control 
Fx on the basis of this identifier, step 125. Counter code Zx is subsequently compared 
to reference code RZx, step 127. Since the counter code Zx last transmitted is stored 
as reference code RZx in base device BG, given a proper actuation of remote control 
Fx, counter code Zx and reference code RZx deviate from one another. However, if 
they agree, is broken off, step 129. An access is not authorized. Otherwise, as already 
for the first exemplary embodiment, base device BG ascertains required response Sx, 



step 131. If response Rx and required response Sx do not agree, step 133, then is 
broken off, step 135. Otherwise the authorization is given for initiating an opening 
operation, step 137. 



5 As an alternative second exemplary embodiment, counter code Zx is encrypted in 

remote control Fx. To ascertain reference code RZx, this encryption must be stored, 
addressed, in base device BG. It is only important for counter code Zx that it change 
with each actuation of remote control Fx; whether by a counter function or another 
algorithm is not important. 

10 

The two exemplary embodiments can also be combined to the effect that, for example, 
in the sequence according to Figure 4, the query according to step 1 1 1 is carried out. 
In this manner, security can be further increased vis-a-vis unauthorized opening 
attempts. 

15 

The challenge/response procedure, not explained more precisely, is preferably carried 
out at low frequency at short distance of the space to be entered, e.g., a motor vehicle. 
On the other hand, transmitter 22 transmits a higher-frequency signal which permits a 
greater transmission range. A receiver in the higher-frequency range is not to be 
20 provided for remote control Fx. The algorithm for encrypting challenge Cx in order to 

obtain response Rx can preferably be realized so simply that it too can be 
implemented in a microcontroller. 
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Patent Claims 



1 . A system for controlling access authorization, 

- having a base device (BG) which receives a code word (CWx) that contains a 
response (Rx) which a computer (16) compares to a required response (Sx), an access 
being authorized if the response (Rx) and the required response (Sx) agree; 

- having at least one remote control (Fl, ... Fx, ... Fn) which transmits the code word 
(CWx), 

characterized in that a challenge (Cx) transmitted by the base device (BG) is stored in 
the remote control (Fl, ... Fx, ... Fn) for generating the code word (CWx). 

2. The system as recited in Claim 1, 

characterized in that the required response (Sx) is formed as a function of an identifier 
(Kl, ... Kx, ... Kn) stored in the remote control (Fl, ... Fx, ... Fn) and contained in the 
code word (CWx). 

3. The system as recited in one of the preceding claims, 
characterized in that the challenge (Cx) is stored in the base device (BG). 

4. The system as recited in one of the preceding claims, 

characterized in that the challenge (Cx) stored in the base device (BG) is erased when 
the number of failed agreements of the response (Rx) and the required response (Sx) 
exceeds a specifiable limiting value (G). 

5. The system as recited in one of the preceding claims, 

characterized in that the code word (CWx) contains a counter code (Zx) which the 
base device (BG) compares to a reference code (RZx). 

6. The system as recited in one of the preceding claims, 

characterized in that the counter code (Zx) is changed in response to actuation of an 
operating control element (24) of the remote control (F), ... Fx, ... Fn). 

7. The system as recited in one of the preceding claims, 
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characterized in that a transmitted counter code (Zx) is used as the reference code 
(RZx). 

8. The system as recited in one of the preceding claims, 

characterized in that the counter code (Zx) is contained in encypted form in the code 
word (CWx). 

9. The system as recited in one of the preceding claims, characterized in that the code 
word (CWx) is transmitted at high frequency and the challenge (Cx) is transmitted at 
low frequency. 
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Abstract 



A system is proposed for controlling access authorization. It includes a base device 
(BG) which receives a code word (CWx) that contains a response (Rx). A computer 
(16) compares the response (Rx) to a required response (Sx). An access is authorized 
if the response (Rx) and the required response (Sx) agree. A remote control ((Fl, ... 
Fx, ... Fn) transmits the code word (CWx). The system has the distinction that a 
challenge (Cx) transmitted by the base device (BG) is stored in the remote control 
(Fl, ... Fx, ... Fn) for generating the code word (CWx). 
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Citizenship: Federal Republic of Germany 



Post Office Address: Same as above. 
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- ? Inventor: Hans- Joerg MATHQKV 
Inventor's Signature: _ 

Date: # ?. 00 



Residence: Schorndorfer Weg 32 

71732 Tamm-Hohenstange jtd, 



Federal Republic of Germany ^fj^ ^ J ^} jC^^___^ 



Citizenship: Federal Republic of Germany 



Post Office Address: Same as above. 
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[10191/1452] 



DECLARATION AND POWER OF ATTORNEY 



As a below named inventor, I hereby declare that: 



My residence, post office address and citizenship are as stated below next to 

my name. 



claimed and for which a patent is sought on the invention entitled SYSTEM FOR 
CONTROLLING ACCESS AUTHORIZATION, the specification of which was filed as 
International Application No. PCT/DE98/0343 1 on November 20, 1998. 

I hereby state that I have reviewed and understand the contents of the 
above-identified specification, including the claims. 



examination of this application in accordance with Title 37, Code of Federal Regulations, 
§ 1.56(a). 



1 19 of any foreign application(s) for patent or inventor's certificate listed below and have also 
identified below any foreign application(s) for patent or inventor's certificate having a filing 
date before that of the application on which priority is claimed: 



I believe I am an original, first and joint inventor of the subject matter which is 



I acknowledge the duty to disclose information which is material to the 



I hereby claim foreign priority benefits under Title 35, United States Code, § 
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